1. Privacy Policy

1.1 General

A reference to “we”, “us” and “our” in this privacy policy is a reference to Copilot Pty Ltd A.C.N. 682 278 066 and its affiliates and subsidiaries in Australia.

Our services include the development, delivery, operation and maintenance of a computer software system which may include websites, mobile applications, electronic databases and online portals.

We are committed to managing personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) (Privacy Act) and in accordance with other applicable privacy laws.

This Privacy Policy explains how we, in general, deal with your personal information. In addition to this policy, we may issue privacy collection notices relating to specific services provided by us.

During the course of providing services, we may collect and hold personal information about you. This information can include the following:

  1. General Information: Name, title, gender, age, date of birth, marital status, parental status, employment/profession, family details such as relationship to other users of our service, names of children, parents and next of kin, children’s school and education information.
  2. Contact Details: Phone number, email address, residential address, business address, mailing address.
  3. Photos and Images: Photos and images of yourself and/or your dependents which are provided by you or supplied to us by third parties and other users. For example, the business using this service may upload promotional material or imagery that includes images of yourself to our system.
  4. Identification: Blue Cards, yellow cards, government issued documents, accreditations and qualifications.
  5. Health: Diet requirements, health information and requirements including requests for specific assistance.
  6. General Records: Attendance records, location data, IP Address, records relating to your use of our services, chat history and documentary records of interactions between us such as chat history, emails, text messages or other forms of written communication including any images exchanged over such communication, sporting performance records, details of incidents, signed documents and waivers.

In limited circumstances, we may collect information which is considered sensitive information. For example, if you are injured we may collect health information about you in an emergency or otherwise with your consent.

We may collect personal information about children (for example, when children participate in events). Where children do not have sufficient maturity and understanding to make decisions about their personal information, we will require their parents or guardians to make decisions on their behalf.

You may decline to provide us with information, however, this may prevent us from being able to provide you with our services.

1.2 Collection of Personal Information

We collect personal information reasonably necessary to carry out our business, to assess and manage our clients’ needs, and provide services. We may also collect information to fulfil administrative functions associated with these services, for example billing, entering into contracts with you and/or third parties and managing client relationships.

Information will primarily be collected directly from you and the information provided to us by your use of our services. Use of our services includes accessing and using software, websites, programs, applications, mobile apps, portals and databases created and provided by us. We may also collect information from you over the telephone, social media, email or in person.

Information about you may be collected from a third party including but not limited to:

  1. Schools
  2. Education facilities
  3. Third parties that provide software support
  4. A person providing information on your behalf
  5. Data analysis and matching services
  6. Providers of third party apps, websites and social media platforms

All information regarding other individuals provided by you has been provided with due and proper authority and you warrant that all authorisation and consent has been obtained prior to providing us with such information.

1.3 Use of Personal Information

Your personal information may be used for the following purposes:

  1. Administration of our services and products: Providing customer support, facilitating communication with you, verification of identity, ensuring legal compliance, quality improvement services, risk management, responding to enquiries, obtaining advice from consultants and other professionals, facilitating payments, training staff and general administration, management and operation of the services provided by us.
  2. Marketing: Providing updates, offers, promotions and events, distributing advertisements, newsletters and other communications.
  3. Facilitation of participation in programs: Providing communication regarding programs, timetables and events, maintaining relevancy of websites, software and apps.
  4. Research: Conducting research and data analysis to improve and update our services and ensure that all our products and services are presented in an effective manner including providing such relevant personal information to third parties assisting in and conducting such research.
  5. Legal: Responding to court subpoenas, court orders or notices or requirements of government departments or authorities.
  6. Health and Safety: To facilitate a safe, accessible and assisted (as applicable) environment and to provide timely information in the event of a medical emergency or incident.

All personal information collected may be combined, separated and compiled as required by us.

1.4 Disclosure of Personal Information

We may disclose personal information to third parties in connection with:

  1. Providing the services and products
  2. Operating the platform, website and software
  3. Our legal obligations
  4. Development and administration of our services including websites, mobile apps, software and programs

These third parties may include:

  1. Our employees
  2. Employees of associated gyms and businesses
  3. Sub-contractors
  4. Data storage providers, telecommunication networks and software providers
  5. IT contractors and consultants engaged in the maintenance, delivery and support of our services
  6. External bookkeepers, financiers and accountants
  7. Our legal representatives
  8. Market researchers
  9. Insurers
  10. Incident investigators
  11. Sporting clubs
  12. Schools and educational facilities/institutions
  13. Data analysts
  14. Government departments and authorities

Personal Information may be disclosed to comply with legal obligations, respond to claims and complaints and for the purposes of protecting against suspected fraudulent activity.

We may disclose your personal information to our clients where this is reasonably necessary for, and relevant to, the delivery of products or services. We may use images or audio-visual recordings which identify you for promotional purposes where you would reasonably expect this to occur.

We may use and disclose your personal information for other purposes explained at the time of collection or otherwise as set out in this Privacy Policy.

1.5 Storage of Information

  1. Personal Information is stored electronically, using third-party system providers who may store or have access to the Personal Information.
  2. Personal Information that can be used to uniquely identify a person will, where possible, be encrypted.
  3. No data transmission or storage of data can be guaranteed to be secure from intrusion or unauthorised access, however, steps will be taken to ensure that the risk of such event is minimised.
  4. Passwords and login details used to access our services are to be kept confidential by you.
  5. Personal Information may be accessed, transferred to and/or stored outside of Australia. It is likely that your personal information will be disclosed to overseas recipients.
  6. Unless we have your consent, or an exception under the APPs applies, we will only disclose your personal information to overseas recipients where we have taken reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to your personal information.

1.6 Accessing and Correcting Personal Information

  1. You are entitled to access your personal information held by us on request. To request access to your personal information please contact our privacy officer using the contact details set out below.
  2. You will not be charged for making a request to access your personal information but you may be charged for the reasonable time and expense incurred in compiling information in response to your request.
  3. We will take reasonable steps to ensure that the personal information we collect, use or disclose is accurate, complete and up-to-date. You can help us to do this by letting us know if you notice errors or discrepancies in information we hold about you and letting us know if your personal details change.
  4. If you consider any personal information we hold about you is inaccurate, out-of-date, incomplete, irrelevant or misleading you are entitled to request correction of the information. After receiving a request from you, we will take reasonable steps to correct your information.
  5. We may decline your request to access or correct your personal information in certain circumstances in accordance with the APPs. If we do refuse your request, we will provide you with a reason for our decision and, in the case of a request for correction, we will include a statement with your personal information about the requested correction.

1.7 Complaints and Concerns

  1. You may contact us if you have any questions or concerns about this Privacy Policy or about the way in which your personal information has been handled.
  2. You may make a complaint about privacy to the Privacy Officer at the contact details set out below.
  3. The Privacy Officer will first consider your complaint to determine whether there are simple or immediate steps which can be taken to resolve the complaint. We will generally respond to your complaint within a week.
  4. If your complaint requires more detailed consideration or investigation, we will acknowledge receipt of your complaint within a week and endeavour to complete our investigation into your complaint promptly. We may ask you to provide further information about your complaint and the outcome you are seeking. We will then typically gather relevant facts, locate and review relevant documents and speak with individuals involved.
  5. In most cases, we will investigate and respond to a complaint within 30 days of receipt of the complaint. If the matter is more complex or our investigation may take longer, we will let you know.
  6. If you are not satisfied with our response to your complaint, or you consider that we may have breached the APPs or the Privacy Act, a complaint may be made to the Office of the Australian Information Commissioner (OAIC). The OAIC can be contacted by telephone on 1300 363 992 or by using the contact details on the OAIC website.

1.8 Changes to this Privacy Policy

We may amend this Privacy Policy from time to time, with or without notice to you. We recommend that you visit our website regularly to keep up to date with any changes.

1.9 Additional Information for UK and EU Residents (GDPR Compliance)

If you are located in the United Kingdom or a country within the European Economic Area (EEA), the following provisions apply to the collection, use, disclosure, and storage of your personal information under the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR):

International Data Transfers

Your personal information, including any sensitive personal data (such as medical or health information you provide), may be stored in Australia and in other countries outside the UK and EEA. It may also be transferred through other countries in the course of providing our services, including via third-party service providers.

Where we transfer your personal information to a country that has not been deemed to provide an adequate level of protection, we will implement appropriate safeguards, such as Standard Contractual Clauses approved by the relevant data protection authorities, and will review and update these safeguards regularly.

Lawful Basis for Processing

We will only process your personal information where we have a lawful basis under GDPR, which may include:

  • Consent – where you have given clear permission for us to process your personal data for a specific purpose.
  • Contract – where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
  • Legal Obligation – where processing is necessary to comply with the law.
  • Vital Interests – where processing is necessary to protect someone's life.
  • Public Task – where processing is necessary for us to perform a task in the public interest.
  • Legitimate Interests – where processing is necessary for our legitimate interests or those of a third party, provided these do not override your rights and freedoms.

Special Category Data (Medical Information)

Where you provide medical or health information, we will process it only:

  • With your explicit consent;
  • To protect your vital interests;
  • Where necessary for health and safety purposes; or
  • Where otherwise permitted by GDPR.

Data Retention

We will retain your personal information only for as long as necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law.

The criteria used to determine retention periods include:

  • The nature of the personal data;
  • The purposes for which it is processed; and
  • Legal, regulatory, or contractual requirements.

Children's Data

If you are under the age of 16 (or a lower age if permitted by the laws of your country, but never below 13), we will require parental or guardian consent to collect and process your personal information. We take steps to verify that consent has been given by the holder of parental responsibility.

Marketing Communications

We will only send you marketing communications where we have your consent, or where permitted under applicable law. You may withdraw your consent or opt out of receiving marketing at any time by following the unsubscribe link in our emails or contacting us directly.

Profiling and Automated Decision-Making

We may use limited profiling (such as analytics or activity tracking) to improve our services and user experience. We do not make decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

Your Rights Under GDPR

You have the following rights under GDPR:

  • Right of Access – to obtain a copy of the personal data we hold about you.
  • Right to Rectification – to request that we correct inaccurate or incomplete personal data.
  • Right to Erasure – to request that we delete your personal data in certain circumstances.
  • Right to Restrict Processing – to request that we limit the processing of your personal data in certain circumstances.
  • Right to Data Portability – to request that we provide your personal data in a structured, commonly used, and machine-readable format, and transfer it to another controller where technically feasible.
  • Right to Object – to object to the processing of your personal data, including for direct marketing.
  • Rights in Relation to Automated Decision-Making – to not be subject to decisions based solely on automated processing, including profiling, which produce legal or similarly significant effects.

Withdrawing Consent

Where we rely on your consent to process your personal information, you may withdraw your consent at any time. This will not affect the lawfulness of processing carried out before withdrawal.

Local Representative

At the time of this policy update, we do not have an appointed representative in the UK or EU under Article 27 of the GDPR.

If and when we appoint such a representative, their details will be published on our website and made available upon request.

If you are a UK or EU resident, you may still contact us directly using the details below for any privacy-related matters.

Lodging a Complaint

If you are in the UK, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.

If you are in the EU, you have the right to lodge a complaint with your local supervisory authority. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en.

1.10 Contact and Privacy Officer

Our contact details are:

Privacy Officer: Micheil Cathcart

Email address: hello@pilotsm.com

This Privacy Policy was last updated in 2025.